Skip to content

Audit Logs

Deprecated

The standalone Audit Logs page has been replaced by the unified System Logs viewer, which aggregates all platform logs including user action audit trails. This page is retained for reference.

The Audit Logs page displays a chronological record of user actions performed on the platform. Audit logs provide accountability and traceability for administrative operations, configuration changes, and security-relevant events.

Audit Log Overview

Every significant action on the platform generates an audit log entry. Entries are immutable — they cannot be edited or deleted by any user, including administrators.

Log Viewer

The audit log viewer displays entries in reverse chronological order (newest first).

Column Description
Timestamp Date and time the action occurred (UTC)
User The user who performed the action
Action The operation performed (e.g., user.created, event.updated)
Resource The type and identifier of the affected resource
Details Summary of what changed
IP Address Source IP address of the request

Action Categories

Category Example Actions
Authentication auth.login, auth.logout, auth.failed
Users user.created, user.updated, user.deactivated, user.role_changed
Events event.created, event.updated, event.status_changed, event.deleted
Teams group.created, group.updated, group.member_added, group.member_removed

Audit Log Action Names

The backend API uses group.* action names for TAK protocol compatibility. These actions correspond to team operations in the admin UI.

| Certificates | certificate.issued, certificate.revoked, ca.generated | | Registrations | registration.approved, registration.rejected | | Settings | settings.updated, settings.smtp_changed | | Federation | federation.connected, federation.disconnected |

Filtering

Use the filter controls to narrow the log view.

Filter Description
Date Range Start and end date/time
User Filter by the user who performed the action
Action Filter by action type or category
Resource Type Filter by resource type (event, user, team, etc.)
Resource ID Filter by a specific resource identifier

Filters can be combined. Click Clear Filters to reset to the default view.

Log Detail View

Click a log entry to expand its detail view, which includes:

Field Description
Full Timestamp Precise timestamp with milliseconds
User Agent Browser or client user agent string
Request Method HTTP method (GET, POST, PUT, DELETE)
Before State Resource state before the change (for update actions)
After State Resource state after the change (for update actions)
Metadata Additional context (e.g., approval reason, role change details)

The before/after state comparison highlights exactly what fields changed.

Export

Click Export to download audit log entries as a CSV file. The export respects the current filter settings — only filtered entries are included.

Retention

Audit log retention is configured in the platform Settings. By default, audit logs are retained indefinitely. The LOG_RETENTION_DAYS environment variable can set a maximum retention period.

See the Configuration Reference for logging configuration details.

  • User Management — User actions tracked in audit logs
  • Settings — Log retention configuration
  • Logs — System-level service logs (separate from audit logs)